AIKIDO-2026-10230
suppaftp is vulnerable to Use After Free
44
Medium Risk
This Affects:
suppaftpTL;DR
Affected versions of this package contain an unsafe memory management vulnerability in the tcp_stream function, where a raw pointer is incorrectly treated as an independently heap-allocated TcpStream when it actually lives inline within a wrapper struct, leading to undefined behavior via double-free or heap corruption upon deallocation. An attacker who can influence the timing or frequency of TCP connection handling could potentially exploit this by triggering repeated connection teardowns, causing heap metadata corruption that may lead to denial of service or, in advanced scenarios, controlled memory overwrites that could be leveraged for arbitrary code execution.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
suppaftp is vulnerable to Use After Free in versions 5.0.0 - 8.0.1.
How to fix this
Upgrade the suppaftp library to the patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant